The Computer Emergency Response Team (CERT) has issued a warning regarding the spread of Locky ransomware in India. Locky ransomware takes over a victim’s system and encrypts its files, demanding a ransom to release the data, similar to the Petya or WannaCry ransomwares. The main difference with Locky is its ability to analyze the most important files and demand individual price for the locked data.
CERT has stated that over 23 million emails and messages have been sent with the Locky ransomware attached. The spam messages contain common subjects like "please print", "documents", "photo", "Images", "scans" and "pictures", however, the subject texts may change in some cases such as targeted phishing campaigns, the organization added.
“The messages contain "zip" attachments with Visual Basic Scripts (VBS) embedded in a secondary zip file. The VBS file contains a downloader which polls to domain "greatesthits[dot]mygoldmusic[dot]com" (please do not visit this malicious website) to download variants of Locky ransomware.”, warned CERT-IN.
The encrypted files of a system infected with the ransomware displays file extensions with "[.]lukitus" or "[.]diablo6". These are two new variants as the earlier 2016 variant of the ransomware named the encrypted file extensions to “.Locky”. After encrypting the files, the ransomware demands a payment of 0.5 Bitcoins or about Rs 1,51,171.
In order to stay safe from the Locky malware, CERT has advised not to click on any of the suspicious files which have the above mentioned subject lines. It is also recommended to take regular backups of your important files using an external storage device. Do take note that the ransomware affects your network drives and attached removable media such as flash drives and external hard disks. Consider not keeping them attached to your computer at all times as Locky will block all access to them too in case of an attack